I want to set up a dedicated gpg server to host keys so that the keys I'm storing are removed from the encrypted data I'm storing. I see I have some options for gpg available to me:
https://github.com/singpolyma/openpgp-php
https://secure.php.net/manual/en/book.gnupg.php
I have set up my gpg server, which is now listening on a port, but none of these shows me how I can connect to a remote gpg server and I can't find any examples online. How can I use these libs with a remote gpg server?
GPG keyservers only store public keys. Their purpose is to distribute public keys and to help establish the web of trust. Are you also looking to centrally store private keys to allow for decryption and signing?
If you just want to run a keyserver like https://keyserver.ubuntu.com then you’re looking for something called the SKS keyserver. It’s hosted here: https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Home Please note, however, that this software looks to be very rough around the edges and non-trivial to deploy. The documentation is also not very good.
If you’re looking to centralize storage of your keyrings (i.e. your public and private keys) somehow, I’d recommend this as an alternative: https://superuser.com/questions/466396/how-to-manage-gpg-keys-across-multiple-systems It’s probably not exactly what you want, but it’s probably safest.
Suppose you have 3 servers, A, B and C, that all need access to private key K. Rather than copy private key K to all 3 servers, you could set up said key with 3 separate subkeys, one dedicated to each server, and then distribute the keys such that only the subkeys assigned to a specific server are on that server. That way, all servers can use the primary key, but through the use of their own dedicated subkey only, and if any of the servers get compromised, you can (in theory) just revoke the affected subkey, instead of having to revoke the entire key... I think... I may be wrong on this one, though.
Having said this, you might as well just create separate (primary) keys for each server and then use a master key to sign them to manage trust and revoke compromised keys, if necessary... the downside to this method is that each server would then have its own user id and a different key id, whereas with the subkey method, all servers would use the same key id and user id.
This page describes how to create a personal key with subkeys, and how to store the primary key securely: https://alexcabal.com/creating-the-perfect-gpg-keypair/ I’d use this same principle to create sets of subkeys for each of your servers. Thus far I wasn’t able to find a guide to do this for multiple servers, or exact instructions on how to revoke a subkey without revoking the entire master key, so this scheme, while it sounds appealing in theory, may not be supported or very common... but it should work, though.
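The one-subkey-per-server scheme sketched in the answer above, as an added shell walkthrough (not code from the thread or from the linked guide): it generates a certify-only primary key, hangs one encryption subkey per server (A, B, C) off it, exports only server A's secret subkey (the primary secret key stays off the server), then revokes just that subkey and checks that the primary key and the other two subkeys remain valid. It assumes GnuPG 2.1 or later on PATH; the user id, the example.invalid address and the "server A is compromised" scenario are constructed for the demo, and the work happens in a throwaway GNUPGHOME.

```shell
#!/bin/sh
# Added example, not part of the original answer. Assumes GnuPG >= 2.1.
# The passphrase is empty only so the demo runs unattended; real deployments
# protect the primary key (ideally offline) and the per-server subkeys.
set -eu

# gpg wrapper: non-interactive, empty passphrase via loopback pinentry.
g() { gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"; }

demo_subkeys() {
  export GNUPGHOME
  GNUPGHOME=$(mktemp -d)
  chmod 700 "$GNUPGHOME"

  # 1. Primary key with usage "cert" only: it certifies subkeys and user ids
  #    but never encrypts or signs data, so no server ever needs it.
  g --quick-generate-key 'Deploy Key (demo) <deploy@example.invalid>' ed25519 cert never >/dev/null 2>&1
  fpr=$(gpg --batch --list-keys --with-colons deploy@example.invalid \
        | awk -F: '$1=="fpr"{print $10; exit}')

  # 2. One encryption subkey per server; they all share the primary key id/uid.
  for server in A B C; do
    g --quick-add-key "$fpr" cv25519 encr never >/dev/null 2>&1
  done

  # Subkey fingerprints in creation order: 1st = A, 2nd = B, 3rd = C.
  subs=$(gpg --batch --list-keys --with-colons --with-subkey-fingerprint "$fpr" \
         | awk -F: '$1=="sub"{want=1;next} want&&$1=="fpr"{print $10; want=0}')
  sub_a=$(printf '%s\n' "$subs" | sed -n 1p)

  # 3. Export only server A's secret subkey. The trailing "!" pins exactly that
  #    subkey; the primary secret key is not included in the output.
  g --armor --export-secret-subkeys "${sub_a}!" > "$GNUPGHOME/serverA.secret.asc"
  grep -q 'BEGIN PGP PRIVATE KEY BLOCK' "$GNUPGHOME/serverA.secret.asc"

  # 4. Server A is compromised: revoke subkey 1 only, feeding --edit-key its
  #    answers on stdin (key 1 -> revkey -> confirm -> reason 1 = compromised
  #    -> description -> blank line -> confirm -> save).
  printf 'key 1\nrevkey\ny\n1\nServer A compromised (demo)\n\ny\nsave\n' \
    | g --command-fd 0 --edit-key "$fpr" >/dev/null 2>&1

  # 5. Verify: exactly one subkey carries validity "r" (revoked), two are still
  #    usable, and the primary key itself is not revoked.
  listing=$(gpg --batch --list-keys --with-colons "$fpr")
  revoked=$(printf '%s\n' "$listing" | awk -F: '$1=="sub"&&$2=="r"' | wc -l | tr -d ' ')
  valid=$(printf '%s\n' "$listing" | awk -F: '$1=="sub"&&$2!="r"' | wc -l | tr -d ' ')
  primary=$(printf '%s\n' "$listing" | awk -F: '$1=="pub"{print $2}')

  gpgconf --kill gpg-agent >/dev/null 2>&1 || true
  rm -rf "$GNUPGHOME"

  [ "$revoked" = 1 ] && [ "$valid" = 2 ] && [ "$primary" != "r" ] && echo ok
}

if [ "${1:-}" = "--run" ]; then
  demo_subkeys
fi
```

Run it as `sh demo.sh --run`; it prints `ok` when the single-subkey revocation worked as the answer hopes. In practice you would also publish the updated public key (now carrying the revocation signature) wherever the other servers and clients fetch it, otherwise they keep treating server A's subkey as valid.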